@nalind nalind commented Dec 4, 2025

Ignore me!

TomSweeneyRedHat and others added 8 commits November 28, 2025 15:44

Bump runc to v1.2.9 to fix CVE-2025-52881.  This also
fixes CVE-2025-31133 and CVE-2025-52565.

Partially fixes: https://issues.redhat.com/browse/OCPBUGS-64913, https://issues.redhat.com/browse/OCPBUGS-64911
once merged into Podman.

runc v1.2.9 also fixes a couple of regressions that were in
the original CVE 1.2.8 patch.

Signed-off-by: tomsweeneyredhat <[email protected]>

The latest runc requires Go 1.22.  Bump it in the Makefile to that
version.

Signed-off-by: tomsweeneyredhat <[email protected]>

These functions were removed in github.com/opencontainers/selinux
v1.12.0.

Signed-off-by: tomsweeneyredhat <[email protected]>

Bumping golang.org/x/tools to v0.26.0 per @nalind's
suggestion.

Signed-off-by: tomsweeneyredhat <[email protected]>

Apparently, per lint, the userns.RunningInUserNS() function
has moved from runc to moby.  Update the library location.

Signed-off-by: tomsweeneyredhat <[email protected]>

Update references to specific versions of golang in the Makefile and the
Cirrus CI configuration to match go.mod, and add a check in the 'vendor'
target that CI runs that the image it's run inside is a close-enough
match to the version listed in go.mod.

Signed-off-by: Nalin Dahyabhai <[email protected]>

Stealing from @cevich's work in containers#6520.
In CI, the project and tests are compiled, so therefore require newer
CI/VM images with support for the newer golang requirements.

Signed-off-by: tomsweeneyredhat <[email protected]>

Update the version of ginkgo that we build for use by our e2e tests.

Signed-off-by: Nalin Dahyabhai <[email protected]>

openshift-ci bot commented Dec 4, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nalind

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@packit-as-a-service

Ephemeral COPR build failed. @containers/packit-build please check.


nalind and others added 3 commits December 4, 2025 13:38
* bump golangci-lint to v1.60.3
* bump golang.org/x/tools to v0.26.0

Signed-off-by: Nalin Dahyabhai <[email protected]>

Ambient capabilities can't be raised without inheritable ones, and since we
don't raise inheritable, we should not raise ambient either.

This went unnoticed because of a bug in syndtr/gocapability which is
only fixed in its fork (see the next commit).

Amends commit e7e55c9.

Signed-off-by: Kir Kolyshkin <[email protected]>
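
The kernel rule this commit message relies on, as an added example that is not code from Buildah, runc or this pull request: per capabilities(7), a capability can only be ambient if it is also both permitted and inheritable. `CapSets` and `SplitAmbient` are hypothetical names, and the capability lists are constructed sample data.

```go
package main

import (
	"fmt"
	"sort"
)

// CapSets holds a process's capability lists, laid out like the OCI runtime
// spec's process.capabilities (hypothetical local type for this example).
type CapSets struct {
	Bounding, Effective, Permitted, Inheritable, Ambient []string
}

func toSet(names []string) map[string]bool {
	set := make(map[string]bool, len(names))
	for _, n := range names {
		set[n] = true
	}
	return set
}

// SplitAmbient separates the requested ambient capabilities into those the
// kernel would accept (permitted and inheritable) and those it would refuse.
func SplitAmbient(c CapSets) (ok, refused []string) {
	permitted, inheritable := toSet(c.Permitted), toSet(c.Inheritable)
	for _, name := range c.Ambient {
		if permitted[name] && inheritable[name] {
			ok = append(ok, name)
		} else {
			refused = append(refused, name)
		}
	}
	sort.Strings(ok)
	sort.Strings(refused)
	return ok, refused
}

func main() {
	// Constructed sample: ambient is requested while inheritable is left empty,
	// the combination the commit message above describes.
	caps := []string{"CAP_NET_BIND_SERVICE", "CAP_CHOWN"}
	ok, refused := SplitAmbient(CapSets{Bounding: caps, Effective: caps, Permitted: caps, Ambient: caps})
	fmt.Println("raisable ambient:", ok)
	fmt.Println("refused ambient: ", refused)
}
```

A check like this in a spec-generation test catches the mismatch without depending on how the capability library reports a failed raise.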
@nalind nalind force-pushed the ci-1.37 branch 2 times, most recently from 7266bbf to 0b1ab09 Compare December 4, 2025 19:13
@nalind nalind force-pushed the ci-1.37 branch 2 times, most recently from 6eeb4ea to 601d8a0 Compare December 4, 2025 23:21
The version of containers/common we're currently using on this branch included a
bug which was later fixed by containers/common#2199.
If we get an update on its v0.60 branch which includes that fix, we can
drop this patch from this branch, but until then, work around the part
that breaks our tests.

Signed-off-by: Nalin Dahyabhai <[email protected]>

Run integration tests (both as root and rootless) with both crun and
runc on Fedora, to help ensure that we can use either.

Signed-off-by: Nalin Dahyabhai <[email protected]>

nalind and others added 2 commits December 5, 2025 16:26

Handle requested relabeling of bind mounts (i.e., the "z" and "Z" flags)
directly, instead of letting the runtime handle the relabeling.

Signed-off-by: Nalin Dahyabhai <[email protected]>

Bump Buildah to v1.37.7

Signed-off-by: tomsweeneyredhat <[email protected]>